US 6779118 User specific automatic data redirection system

ABSTRACT – A data redirection system for redirecting a user’s data based on a stored rule set. The redirection of data is performed by a redirection server, which receives the redirection rule sets for each user from an authentication and accounting server, and a database. Prior to using the system, users authenticate with the authentication and accounting server, and receive a network address. The authentication and accounting server retrieves the proper rule set for the user, and communicates the rule set and the user’s address to the redirection server. The redirection server then implements the redirection rule set for the user’s address. Rule sets are removed from the redirection server either when the user disconnects, or based on some predetermined event. New rule sets are added to the redirection server either when a user connects, or based on some predetermined event.

FIELD OF THE INVENTION

This invention relates to the field of Internet communications, more particularly, to a database system for use in dynamically redirecting and filtering Internet traffic.

BACKGROUND OF THE INVENTION

In prior art systems, as shown in FIG. 1, when an Internet user establishes a connection with an Internet Service Provider (ISP), the user first makes a physical connection between their computer 100 and a dial-up networking server 102, and then provides their user ID and password to the dial-up networking server. The dial-up networking server then passes the user ID and password, along with a temporary Internet Protocol (IP) address for use by the user, to the ISP’s authentication and accounting server 104. A detailed description of the IP communications protocol is given in Internetworking with TCP/IP, 3rd ed., Douglas Comer, Prentice Hall, 1995, which is fully incorporated herein by reference. The authentication and accounting server, upon verification of the user ID and password using a database 106, sends an authorization message to the dial-up networking server 102 to allow the user to use the temporary IP address assigned to that user by the dial-up networking server, and then logs the connection and assigned IP address. For the duration of that session, whenever the user makes a request to the Internet 110 via a gateway 108, the end user is identified by the temporarily assigned IP address.

The redirection of Internet traffic is most often done with World Wide Web (WWW) traffic (more specifically, traffic using the HTTP (hypertext transfer protocol)). However, redirection is not limited to WWW traffic, and the concept is valid for all IP services. To illustrate how redirection is accomplished, consider the following example, which redirects a user’s request for a WWW page (typically an html (hypertext markup language) file) to some other WWW page. First, the user instructs the WWW browser (typically software running on the user’s PC) to access a page on a remote WWW server by typing in the URL (universal resource locator) or clicking on a URL link. Note that a URL provides information about the communications protocol, the location of the server (typically an Internet domain name or IP address), and the location of the page on the remote server. The browser next sends a request to the server requesting the page. In response to the user’s request, the web server sends the requested page to the browser. The page, however, contains html code instructing the browser to request some other WWW page—hence the redirection of the user begins. The browser then requests the redirected WWW page according to the URL contained in the first page’s html code. Alternately, redirection can also be accomplished by coding the page such that it instructs the browser to run a program, like a Java applet or the like, which then redirects the browser. One disadvantage with current redirection technology is that control of the redirection is at the remote end, or WWW server end—and not the local, or user end. That is to say that the redirection is performed by the remote server, not the user’s local gateway.

Filtering packets at the Internet Protocol (IP) layer has been possible using a firewall device or other packet filtering device for several years. Although packet filtering is most often used to filter packets coming into a private network for security purposes, packet filters, once properly programmed, can filter outgoing packets sent from users to a specific destination as well. Packet filtering can distinguish, and filter based on, the type of IP service contained within an IP packet. For example, the packet filter can determine if the packet contains FTP (file transfer protocol) data, WWW data, or Telnet session data. Service identification is achieved by identifying the terminating port number contained within each IP packet header. Port numbers are standard within the industry to allow for interoperability between equipment. Packet filtering devices allow network administrators to filter packets based on the source and/or destination information, as well as on the type of service being transmitted within each IP packet. Unlike redirection technology, packet filtering technology allows control at the local end of the network connection, typically by the network administrator. However, packet filtering is very limited because it is static. Once packet filtering rule sets are programmed into a firewall or other packet filter device, the rule set can only be changed by manually reprogramming the device.

Packet filter devices are often used with proxy server systems, which provide access control to the Internet and are most often used to control access to the World Wide Web. In a typical configuration, a firewall or other packet filtering device filters all WWW requests to the Internet from a local network, except for packets from the proxy server. That is to say that a packet filter or firewall blocks all traffic originating from within the local network which is destined for connection to a remote server on port 80 (the standard WWW port number). However, the packet filter or firewall permits such traffic to and from the proxy server. Typically, the proxy server is programmed with a set of destinations that are to be blocked, and packets destined for blocked addresses are not forwarded. When the proxy server receives a packet, the destination is checked against a database for approval. If the destination is allowed, the proxy server simply forwards packets between the local user and the remote server outside the firewall. However, proxy servers are limited to either blocking or allowing specific system terminals access to remote databases.

A recent system is disclosed in U.S. Pat. No. 5,696,898. This patent discloses a system, similar to a proxy server, that allows network administrators to restrict specific IP addresses inside a firewall from accessing information from certain public or otherwise uncontrolled databases (i.e., the WWW/Internet). According to the disclosure, the system has a relational database which allows network administrators to restrict specific terminals, or groups of terminals, from accessing certain locations. Like a proxy server, this invention can only block or allow terminals’ access to remote sites. This system is also static in that rules programmed into the database need to be reprogrammed in order to change which locations specific terminals may access.

SUMMARY OF THE INVENTION

The present invention allows for creating and implementing dynamically changing rules, to allow the redirection, blocking, or allowing, of specific data traffic for specific users, as a function of database entries and the user’s activity. In certain embodiments according to the present invention, when the user connects to the local network, as in the prior art system, the user’s ID and password are sent to the authentication accounting server. The user ID and password are checked against information in an authentication database. The database also contains personalized filtering and redirection information for the particular user ID. During the connection process, the dial-up network server provides the authentication accounting server with the IP address that is going to be temporarily assigned to the user. The authentication accounting server then sends both the user’s temporary IP address and all of the particular user’s filter and redirection information to a redirection server. The IP address temporarily assigned to the end user is then sent back to the end user for use in connecting to the network.

Once connected to the network, all data packets sent to, or received by, the user include the user’s temporary IP address in the IP packet header. The redirection server uses the filter and redirection information supplied by the authentication accounting server, for that particular IP address, to either allow packets to pass through the redirection server unmolested, block the request altogether, or modify the request according to the redirection information.

When the user terminates the connection with the network, the dial-up network server informs the authentication accounting server, which in turn, sends a message to the redirection server telling it to remove any remaining filtering and redirection information for the terminated user’s temporary IP address. This then allows the dial-up network to reassign that IP address to another user. In such a case, the authentication accounting server retrieves the new user’s filter and redirection information from the database and passes it, with the same IP address which is now being used by a different user, to the redirection server. This new user’s filter may be different from the first user’s filter.
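
The connect, filter and disconnect sequence described in the summary, sketched as an added Python example that is not part of the patent text. The class names, the glob-style destination patterns, the fail-closed default for addresses or requests with no matching rule, and the sample users, hosts and address are assumptions of this example; credential checking is omitted.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

ALLOW, BLOCK, REDIRECT = "allow", "block", "redirect"

@dataclass(frozen=True)
class Rule:
    action: str                    # ALLOW, BLOCK or REDIRECT
    dest_pattern: str              # glob matched against the destination host
    port: Optional[int] = None     # None matches any destination port
    target: Optional[str] = None   # replacement destination (REDIRECT only)

class RedirectionServer:
    """Holds one rule set per temporarily assigned IP address."""

    def __init__(self):
        self._table = {}           # temporary IP -> tuple of Rule

    def install(self, ip, rules):
        # Overwrites whatever was held, so a reassigned address never
        # carries the previous user's rules.
        self._table[ip] = tuple(rules)

    def remove(self, ip):
        self._table.pop(ip, None)

    def decide(self, src_ip, dest_host, dest_port):
        """Return (action, destination) for one outgoing request."""
        rules = self._table.get(src_ip)
        if rules is None:
            return (BLOCK, None)   # assumption: unknown address fails closed
        for rule in rules:         # first matching rule wins
            if rule.port is not None and rule.port != dest_port:
                continue
            if fnmatchcase(dest_host.lower(), rule.dest_pattern):
                dest = {ALLOW: dest_host, REDIRECT: rule.target}.get(rule.action)
                return (rule.action, dest)
        return (BLOCK, None)       # assumption: no matching rule fails closed

class AuthAccountingServer:
    """Looks up a user's rule set and binds it to the session's address."""

    def __init__(self, database, redirector):
        self._db = database        # user id -> list of Rule
        self._redirector = redirector

    def session_start(self, user_id, temp_ip):
        # Called after the user is authenticated and an address is assigned.
        self._redirector.install(temp_ip, self._db[user_id])

    def session_end(self, temp_ip):
        # Called when the dial-up server reports the disconnect.
        self._redirector.remove(temp_ip)

# Constructed sample data: two users with different rule sets.
DATABASE = {
    "alice": [Rule(BLOCK, "*.blocked.example"), Rule(ALLOW, "*")],
    "bob": [Rule(REDIRECT, "*", port=80, target="portal.isp.example"),
            Rule(BLOCK, "*")],
}

def demo():
    redirector = RedirectionServer()
    aaa = AuthAccountingServer(DATABASE, redirector)
    ip = "10.0.0.7"                # constructed temporary address
    aaa.session_start("alice", ip)
    out = [redirector.decide(ip, "www.example.org", 80),
           redirector.decide(ip, "ads.blocked.example", 80)]
    aaa.session_end(ip)
    out.append(redirector.decide(ip, "www.example.org", 80))  # no session
    aaa.session_start("bob", ip)   # same address, now a different user
    out += [redirector.decide(ip, "www.example.org", 80),
            redirector.decide(ip, "www.example.org", 21)]
    return out
```

Because the rule table is keyed only by the temporary address, the removal on disconnect and the overwrite on reconnect are what keep one user's filter from applying to the next holder of that address.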

24 Mar 1998

Network Communications Expert

A scientist, a technologist and an educator with over 30 years of experience; co-authored over 25 scientific publications, journal articles, and peer-reviewed papers; named inventor of over 120 issued and filed patents. Expert in telecommunications, network communications, Internet protocols, and mobile wireless.